Re: netlink: NULL timer crash

From: Eric Dumazet
Date: Thu Mar 23 2017 - 12:01:04 EST


On Thu, 2017-03-23 at 07:53 -0700, Eric Dumazet wrote:

> Nice !
>
> Looks like neigh->ops->solicit is NULL

Apparently we allow admins to do really stupid things with neighbours
on tunnels.

Following patch should avoid the crash.

Does anyone have a better idea?


net/ipv4/arp.c | 5 +++++
net/ipv6/ndisc.c | 4 ++++
2 files changed, 9 insertions(+)

diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 51b27ae09fbd725bcd8030982e5850215ac4ce5c..963191b12e28041bf5df6f37f222a7155f83a414 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -146,8 +146,13 @@ static const struct neigh_ops arp_hh_ops = {
.connected_output = neigh_resolve_output,
};

+static void arp_no_solicit(struct neighbour *neigh, struct sk_buff *skb)
+{
+}
+
static const struct neigh_ops arp_direct_ops = {
.family = AF_INET,
+ .solicit = arp_no_solicit,
.output = neigh_direct_output,
.connected_output = neigh_direct_output,
};
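Review bot: Stubbing `.solicit` in `arp_direct_ops` (and identically in `ndisc_direct_ops` in the second hunk) closes the NULL call for these two tables only; any other `neigh_ops` instance that leaves `.solicit` unset would still hand the caller a NULL function pointer. The call site is outside this patch, so this is inferred, but a guard there, something like `if (neigh->ops->solicit) neigh->ops->solicit(neigh, skb);`, would cover every table in one place and would not depend on each protocol remembering to add a stub. If the stubs stay, the empty bodies deserve a one-line comment, for example `/* direct neighbours never resolve; stub so a probe on an admin-modified entry is a no-op rather than a NULL call */`, so a later cleanup does not remove them as dead code.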
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 7ebac630d3c603186be2fc0dcbaac7d7e74bfde6..86f290b749d5ca0db4310b17ebeff35d847540c7 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -99,9 +99,13 @@ static const struct neigh_ops ndisc_hh_ops = {
.connected_output = neigh_resolve_output,
};

+static void ndisc_no_solicit(struct neighbour *neigh, struct sk_buff *skb)
+{
+}

static const struct neigh_ops ndisc_direct_ops = {
.family = AF_INET6,
+ .solicit = ndisc_no_solicit,
.output = neigh_direct_output,
.connected_output = neigh_direct_output,
};